357 matches found
Windows Scheduled Task Persistence Using S4U Authentication
This Python script defines a class called S4UPersistence that automates the creation of a Windows Scheduled Task to repeatedly execute an executable payload. It generates a Task Scheduler XML configuration and uses the S4U logon type, allowing the task to run without requiring an interactive...
Malicious code in @cloudplatform-single-spa/virtual-machines (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4475 Malicious code in aes-decode-runner-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d889fb0fd8c7bc4564c187d81448427b737ff7fe4b78a7ffe6a23c429b83b93 On require'aes-decode-runner-pro', the entry point index.js immediately invokes pkg.run lines 1-3: const pkg = require"./custom-codec"; pkg.run;, whi...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
CVE-2026-39428
CubeCart CVE-2026-39428: A Stored XSS vulnerability affected CubeCart v6.x prior to 6.6.0, where an admin could inject JavaScript into product fields during creation/modification. Payloads stored in the database could execute when users (customers or admins) view affected product pages, potential...
Malicious Package
Overview github.com/BufferZoneCorp/grpc-client is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster...
Malicious code in vue-template-compiler-plugin (npm)
Full C2 implant disguised as vue-template-compiler fork. postinstall-run.cjs loads tooling-bootstrap.cjs which contains base64-encoded C2 agent. Decoded payload: registers victim hostname, username, OS to Cloudflare tunnel C2 at maiden-apply-looks-education.trycloudflare.com, beacons for tasks,...
VIM Plugin Persistence
This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...
VIM Plugin Persistence
This Metasploit module creates a VIM Plugin which executes a payload on VIM startup...
PT-2026-36484
Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description Cross-Site Scripting XSS occurs when the custom html field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator...
CVE-2026-23757
GFI HelpDesk
Exploit for CVE-2026-33824
Windows IKEv2 Double-Free RCE CVE-2026-33824 Remote code ex...
Windows Persistence Bits Job
This module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots until...
PT-2026-32445
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...
EUVD-2026-21692
A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...
CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...
Windows Telemetry Persistence
This persistence mechanism installs a new telemetry provider for windows. If telemetry is turned on, when the scheduled task launches, it will execute the telemetry provider and execute our payload with system permissions. Module Options msf use exploit/windows/persistence/telemetry msf...
Windows Telemetry Persistence
This is a Metasploit module that provides a persistence mechanism that installs a new telemetry provider for windows. If telemetry is turned on, when the scheduled task launches, it will execute the telemetry provider and execute our payload with system permissions...
CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...